public class X509 extends Certificate implements oracle.security.crypto.asn1.ASN1Object
Both RSA and DSA certificates are supported. This class provides the methods for reading and writing X509 Version 1 fields of the certificate.
Any X509 v3 extension can be handled through X509Extension
. A subset of the standard extensions defined in RFC 2459 are conveniently implemented as subclasses of X509Extension
, in the oracle.security.crypto.cert.ext
package.
In the future this class will be made to extend X509Certificate
Currently it can't be done because of these methods getEncoded()
, getSigAlgOID()
. which have incompatible signatures. For now can get the X509Certificate version of this class by calling toX509Certificate()
X509Extension
, X509ExtensionSet
, Serialized FormModifier and Type | Field and Description |
---|---|
protected boolean |
isDecoded |
holder, key
Constructor and Description |
---|
X509()
Creates a new empty instance.
|
X509(byte[] data)
Constructs an X.509 certificate from the given DER encoding.
|
X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)
Deprecated.
Use the individual methods
X509() , setSubject(X500Name) from CertificateRequest.getSubject() setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey() , setIssuerCertificate(X509Certificate) , setIssuer(X500Name) , setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier) , setValidity(int) setSerialNo(BigInteger) , then finally call sign() |
X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, oracle.security.crypto.core.AlgorithmIdentifier signAlg)
Deprecated.
Use the individual methods
X509() , setSubject(X500Name) from CertificateRequest.getSubject() setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey() , setIssuerCertificate(X509Certificate) , setIssuer(X500Name) , setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier) , setValidity(int) setSerialNo(BigInteger) , then finally call sign() |
X509(java.io.File file)
Construct from the specified file.
|
X509(java.io.InputStream is)
Construct from the specified input stream.
|
X509(java.net.URL url)
Construct from the specified URL.
|
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter)
Deprecated.
Use the individual methods
X509() , setSubject(X500Name) , setPublicKey(java.security.PublicKey) , setIssuer(X500Name) , setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier) , setNotAfterDate(Date) , setNotBeforeDate(Date) , setSerialNo(BigInteger) , then finally call sign() |
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, oracle.security.crypto.core.AlgorithmIdentifier signAlg)
Deprecated.
Use the individual methods
X509() , setSubject(X500Name) , setPublicKey(java.security.PublicKey) , setIssuer(X500Name) , setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier) , setNotAfterDate(Date) , setNotBeforeDate(Date) setSerialNo(BigInteger) then finally call sign() |
X509(X500Name subject, java.security.PublicKey subjectKey, X500Name issuer, java.security.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, oracle.security.crypto.core.AlgorithmIdentifier signAlg) |
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)
Deprecated.
Use the individual methods
X509() , setSubject(X500Name) , setPublicKey(java.security.PublicKey) , setIssuer(X500Name) , setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier) , setValidity(int) setSerialNo(BigInteger) , then finally call sign() |
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, oracle.security.crypto.core.AlgorithmIdentifier signAlg)
Deprecated.
Use the individual methods
X509() , setSubject(X500Name) , setPublicKey(java.security.PublicKey) , setIssuer(X500Name) , setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier) , setValidity(int) setSerialNo(BigInteger) , then finally call sign() |
X509(X500Name subject, java.security.PublicKey subjectKey, X500Name issuer, java.security.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, oracle.security.crypto.core.AlgorithmIdentifier signAlg) |
X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)
Creates a new, signed certificate using the given SPKAC object.
|
Modifier and Type | Method and Description |
---|---|
void |
addExtension(X509Extension ext)
Add an extension.
|
void |
checkValidity()
X509Certificate.checkValidity() |
void |
checkValidity(java.util.Date date)
X509Certificate.checkValidity(Date) |
protected void |
decode() |
boolean |
equals(java.lang.Object o)
Compare this certificate to the specified object.
|
int |
getBasicConstraints()
X509Certificate.getBasicConstraints() |
byte[] |
getCertID(oracle.security.crypto.core.MessageDigest md)
Deprecated.
|
byte[] |
getCertID(java.lang.String messageDigestAlg)
Compute the ID of this certificate.
|
static byte[] |
getCertID(X500Name issuer, java.math.BigInteger serial, oracle.security.crypto.core.MessageDigest md)
Compute the ID of a certificate.
|
java.util.Set<java.lang.String> |
getCriticalExtensionOIDs()
X509Extension.getCriticalExtensionOIDs() |
byte[] |
getEncoded()
Returns the ASN.1 encoding.
|
java.util.List<java.lang.String> |
getExtendedKeyUsage()
X509Certificate.getExtendedKeyUsage() |
X509Extension |
getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)
Return the first extension with the specified ID, or null if it was not present.
|
X509ExtensionSet |
getExtensionSet()
Returns the set of
X509Extension s. |
byte[] |
getExtensionValue(java.lang.String oid)
X509Extension.getExtensionValue(String) |
byte[] |
getFingerprint()
Compute and return MD5 fingerprint of the certificate.
|
Entity |
getHolder()
Get the holder of the certificate.
|
X500Name |
getIssuer()
Returns the name of the issuer.
|
java.util.Collection<java.util.List<?>> |
getIssuerAlternativeNames()
X509Certificate.getIssuerAlternativeNames() |
java.security.Principal |
getIssuerDN()
X509Certificate.getIssuerDN() |
boolean[] |
getIssuerUniqueID()
X509Certificate.getIssuerUniqueID() |
javax.security.auth.x500.X500Principal |
getIssuerX500Principal()
X509Certificate.getIssuerX500Principal() |
boolean[] |
getKeyUsage()
X509Certificate.getKeyUsage() |
java.util.Set<java.lang.String> |
getNonCriticalExtensionOIDs()
X509Extension.getCriticalExtensionOIDs() |
java.util.Date |
getNotAfter()
X509Certificate.getNotAfter() |
java.util.Date |
getNotAfterDate()
Get the not after date.
|
java.util.Date |
getNotBefore()
X509Certificate.getNotBefore() |
java.util.Date |
getNotBeforeDate()
Get the not before date.
|
oracle.security.crypto.core.PublicKey |
getPublicKey()
Gets the public key.
|
java.math.BigInteger |
getSerialNo()
Get the serial number.
|
java.math.BigInteger |
getSerialNumber()
X509Certificate.getSerialNumber() |
java.lang.String |
getSigAlgName()
X509Certificate.getSigAlgName() |
oracle.security.crypto.asn1.ASN1ObjectID |
getSigAlgOID()
Get the signature algorithm OID used for signing this certificate.
|
byte[] |
getSigAlgParams()
X509Certificate.getSigAlgParams() |
java.lang.String |
getSigAlgString()
Get the string representation of the signature algorithm used to sign this certificate.
|
byte[] |
getSigBytes()
Returns the signature bytes, signing the certificate first if needed.
|
byte[] |
getSignature()
X509Certificate.getSignature() |
X500Name |
getSubject()
Returns the name of the subject of this certificate (same as
getHolder , except the return type is X500Name ). |
java.util.Collection<java.util.List<?>> |
getSubjectAlternativeNames()
X509Certificate.getSubjectAlternativeNames() |
java.security.Principal |
getSubjectDN()
X509Certificate.getSubjectDN() |
boolean[] |
getSubjectUniqueID()
X509Certificate.getSubjectUniqueID() |
javax.security.auth.x500.X500Principal |
getSubjectX500Principal()
X509Certificate.getSubjectX500Principal() |
byte[] |
getTBSCertificate()
X509Certificate.getTBSCertificate() |
int |
getVersion()
X509Certificate.getVersion() |
int |
hashCode() |
boolean |
hasUnrecognizedCriticalExtension()
Indicates whether this certificate contains an unrecognized critical extesion.
|
boolean |
hasUnsupportedCriticalExtension()
X509Extension.hasUnsupportedCriticalExtension() |
void |
input(java.io.InputStream is) |
int |
length()
Returns length of DER encoding of this certificate.
|
void |
output(java.io.OutputStream os)
Output to the specified output stream.
|
void |
readExternal(java.io.ObjectInput is) |
void |
setExtensions(X509ExtensionSet exts)
Set the
X509Extensions s. |
void |
setHolder(X500Name holder)
Set the holder of the certificate.
|
void |
setIssuer(X500Name issuer)
Sets the issuer name which will be used to sign this certificate.
|
void |
setIssuerCertificate(X509 ic)
Deprecated.
|
void |
setIssuerCertificate(java.security.cert.X509Certificate ic)
Specifies the issuer certificate that will be used to verify this certificate.
|
void |
setIssuerCRL(CRL crl)
Set the issuer CRL.
|
void |
setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)
|
void |
setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
|
void |
setIssuerPrivateKey(java.security.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Specifies the private key that will be used to sign this certificate.
|
void |
setNotAfterDate(java.util.Date nad)
Set the not after date.
|
void |
setNotBeforeDate(java.util.Date nbd)
Set the not before date.
|
void |
setPublicKey(oracle.security.crypto.core.PublicKey key)
Deprecated.
|
void |
setPublicKey(java.security.PublicKey key)
Sets the public key.
|
void |
setSerialNo(java.math.BigInteger sn)
Set the serial number.
|
void |
setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Set the signing algorithm.
|
void |
setSubject(X500Name subject)
Sets the name of the subject of this certificate.
|
void |
setValidity(int days)
Set validity period for the specified number of days.
|
void |
sign()
Generate the contents of this certificate and sign it.
|
void |
sign(oracle.security.crypto.core.RandomBitsSource rbs)
Deprecated.
Use
sign() |
java.lang.String |
toString()
Returns a verbose humanly readable representation of this certificate.
|
static X509 |
toX509(java.security.cert.X509Certificate cert)
Converts an X509Certificate to X509.
|
java.security.cert.X509Certificate |
toX509Certificate()
Get the X509Certificate.
|
boolean |
verify()
Verifies this certificate.
|
void |
verify(java.security.PublicKey key)
Certificate.verify(java.security.PublicKey) |
void |
verify(java.security.PublicKey key, java.lang.String sigProvider)
Certificate.verify(java.security.PublicKey, String) |
boolean |
verifyCertCRL()
Verify certificate against the issuer CRL.
|
boolean |
verifyCertDate()
Verify the date of the certificate.
|
boolean |
verifyCertSignature()
Verify the signature of the certificate.
|
boolean |
verifySignature(byte[] docBytes, byte[] sigBytes, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Verify a signature made with this certificate's public key.
|
void |
writeExternal(java.io.ObjectOutput os) |
public X509()
public X509(java.io.InputStream is) throws java.io.IOException
java.io.IOException
public X509(java.io.File file) throws java.io.IOException
java.io.IOException
public X509(java.net.URL url) throws java.io.IOException
java.io.IOException
public X509(byte[] data) throws java.io.IOException
java.io.IOException
public X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) throws oracle.security.crypto.core.SignatureException
X509()
, setSubject(X500Name)
from CertificateRequest.getSubject()
setPublicKey(java.security.PublicKey)
from CertificateRequest.getPublicKey()
, setIssuerCertificate(X509Certificate)
, setIssuer(X500Name)
, setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
, setValidity(int)
setSerialNo(BigInteger)
, then finally call sign()
cr
- the certificate requestissuer
- the issuer's certificateissuerPrivateKey
- the issuer's private keyserial
- the serial number of the new certificatedays
- number of days for which the certificate shall be validoracle.security.crypto.core.SignatureException
- if there is an error in the signature processpublic X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, oracle.security.crypto.core.AlgorithmIdentifier signAlg) throws oracle.security.crypto.core.SignatureException
X509()
, setSubject(X500Name)
from CertificateRequest.getSubject()
setPublicKey(java.security.PublicKey)
from CertificateRequest.getPublicKey()
, setIssuerCertificate(X509Certificate)
, setIssuer(X500Name)
, setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
, setValidity(int)
setSerialNo(BigInteger)
, then finally call sign()
cr
- the certificate requestissuer
- the issuer's certificateissuerPrivateKey
- the issuer's private keyserial
- the serial number of the new certificatedays
- number of days for which the certificate shall be validsignAlg
- the signature algorithm to useoracle.security.crypto.core.SignatureException
- if there is an error in the signature processpublic X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) throws oracle.security.crypto.core.SignatureException
subject
- the subject's namespkac
- the subject's Signed PublicKey And ChanllengeissuerCertificate
- the issuer's certificateserial
- the serial number of the new certificatedays
- number of days for which the certificate shall be validoracle.security.crypto.core.SignatureException
- if there is an error in the signature processpublic X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) throws oracle.security.crypto.core.SignatureException
X509()
, setSubject(X500Name)
, setPublicKey(java.security.PublicKey)
, setIssuer(X500Name)
, setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
, setValidity(int)
setSerialNo(BigInteger)
, then finally call sign()
subject
- the subject's namesubjectKey
- the subject's public keyissuer
- the issuer's certificateissuerPrivateKey
- the issuer's private keyserial
- the serial number of the new certificatedays
- number of days for which the certificate shall be validoracle.security.crypto.core.SignatureException
- if there is an error in the signature processpublic X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, oracle.security.crypto.core.AlgorithmIdentifier signAlg) throws oracle.security.crypto.core.SignatureException
X509()
, setSubject(X500Name)
, setPublicKey(java.security.PublicKey)
, setIssuer(X500Name)
, setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
, setValidity(int)
setSerialNo(BigInteger)
, then finally call sign()
subject
- the subject's namesubjectKey
- the subject's public keyissuer
- the issuer's certificateissuerPrivateKey
- the issuer's private keyserial
- the serial number of the new certificatedays
- number of days for which the certificate shall be validsignAlg
- the signature algorithm to useoracle.security.crypto.core.SignatureException
- if there is an error in the signature processpublic X509(X500Name subject, java.security.PublicKey subjectKey, X500Name issuer, java.security.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, oracle.security.crypto.core.AlgorithmIdentifier signAlg) throws oracle.security.crypto.core.SignatureException
oracle.security.crypto.core.SignatureException
public X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter) throws oracle.security.crypto.core.SignatureException
X509()
, setSubject(X500Name)
, setPublicKey(java.security.PublicKey)
, setIssuer(X500Name)
, setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
, setNotAfterDate(Date)
, setNotBeforeDate(Date)
, setSerialNo(BigInteger)
, then finally call sign()
subject
- the subject's namesubjectKey
- the subject's public keyissuer
- the issuer's certificateissuerPrivateKey
- the issuer's private keyserial
- the serial number of the new certificatenotBefore
- the first day for which the certificate shall be validnotAfter
- the last day for which the certificate shall be validoracle.security.crypto.core.SignatureException
- if there is an error in the signature processpublic X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, oracle.security.crypto.core.AlgorithmIdentifier signAlg) throws oracle.security.crypto.core.SignatureException
X509()
, setSubject(X500Name)
, setPublicKey(java.security.PublicKey)
, setIssuer(X500Name)
, setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
, setNotAfterDate(Date)
, setNotBeforeDate(Date)
setSerialNo(BigInteger)
then finally call sign()
subject
- the subject's namesubjectKey
- the subject's public keyissuer
- the issuer's certificateissuerPrivateKey
- the issuer's private keyserial
- the serial number of the new certificatenotBefore
- the first day for which the certificate shall be validnotAfter
- the last day for which the certificate shall be validsignAlg
- the signature algorithm to useoracle.security.crypto.core.SignatureException
- if there is an error in the signature processpublic X509(X500Name subject, java.security.PublicKey subjectKey, X500Name issuer, java.security.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, oracle.security.crypto.core.AlgorithmIdentifier signAlg) throws oracle.security.crypto.core.SignatureException
oracle.security.crypto.core.SignatureException
public static X509 toX509(java.security.cert.X509Certificate cert)
If the X509Certificate was wrapper object obtained by toX509Certificate()
then this method simply returns the underlying X509 object.
cert
-protected void decode()
public void sign() throws oracle.security.crypto.core.SignatureException
oracle.security.crypto.core.SignatureException
- if there is an error during signingpublic void sign(oracle.security.crypto.core.RandomBitsSource rbs) throws oracle.security.crypto.core.SignatureException
sign()
rbs
- the random number generator to be used for signing, it is ignored.oracle.security.crypto.core.SignatureException
- if there is an error during signingpublic byte[] getSigBytes() throws oracle.security.crypto.core.SignatureException
oracle.security.crypto.core.SignatureException
public void input(java.io.InputStream is) throws java.io.IOException
input
in interface oracle.security.crypto.util.Streamable
java.io.IOException
public void output(java.io.OutputStream os) throws java.io.IOException
output
in interface oracle.security.crypto.util.Streamable
java.io.IOException
public int length()
Throws a StreamableOutputException
if an error occurs while generating the DER encoding.
length
in interface oracle.security.crypto.util.Streamable
public byte[] getEncoded()
Throws a StreamableOutputException
if an error occurs while generating the encoded bytes.
public boolean verify() throws oracle.security.crypto.core.AuthenticationException
More precisely:
verify
in class Certificate
true
if the certificate is valid, and false
otherwiseoracle.security.crypto.core.AuthenticationException
- If the verification operation could not be performed for some reason (for example, a necessary credential or token has the wrong format)setIssuerCertificate(oracle.security.crypto.cert.X509)
, setIssuerCRL(oracle.security.crypto.cert.CRL)
public boolean verifyCertDate()
public boolean verifyCertSignature() throws oracle.security.crypto.core.AuthenticationException
oracle.security.crypto.core.AuthenticationException
setIssuerCertificate(oracle.security.crypto.cert.X509)
public boolean verifyCertCRL()
public Entity getHolder()
getHolder
in class Certificate
public void setHolder(X500Name holder)
public oracle.security.crypto.core.PublicKey getPublicKey()
getPublicKey
in class Certificate
public void setPublicKey(oracle.security.crypto.core.PublicKey key)
setPublicKey(java.security.PublicKey)
public void setPublicKey(java.security.PublicKey key)
public java.util.Date getNotBeforeDate()
public void setNotBeforeDate(java.util.Date nbd)
public java.util.Date getNotAfterDate()
public void setNotAfterDate(java.util.Date nad)
public void setValidity(int days)
public X500Name getSubject()
getHolder
, except the return type is X500Name
).public void setSubject(X500Name subject)
setHolder
.public X500Name getIssuer()
public void setIssuer(X500Name issuer)
public void setIssuerCertificate(X509 ic)
setIssuerCertificate(X509Certificate)
The certificate specified here will not be part of this certificate's persistent state.
ic
- The certificate of the entity which issued this certificatepublic void setIssuerCertificate(java.security.cert.X509Certificate ic)
The certificate specified here will not be part of this certificate's persistent state.
ic
- The certificate of the entity which issued this certificatepublic void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)
The value specified here will not be contained in this certificate's persistent state.
ik
- The private key of the entity which is issuing this certificate.public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
The value specified here will not be contained in this certificate's persistent state.
ik
- The private key of the entity which is issuing this certificate.sigAlgID
-public void setIssuerPrivateKey(java.security.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
The value specified here will not be contained in this certificate's persistent state.
ik
- The private key of the entity which is issuing this certificate.sigAlgID
- Signing algorithmpublic void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
AlgID.sha_1WithRSAEncryption
AlgID.sha224WithRSAEncryption
AlgID.sha256WithRSAEncryption
AlgID.sha384WithRSAEncryption
AlgID.sha512WithRSAEncryption
AlgID.dsaWithSHA1
sigAlgID
-public void setIssuerCRL(CRL crl)
public java.math.BigInteger getSerialNo()
public void setSerialNo(java.math.BigInteger sn)
public boolean hasUnrecognizedCriticalExtension()
true
if this certificate contains at least one unrecognized critical extension, and false
if it has none.public X509ExtensionSet getExtensionSet()
X509Extension
s.X509ExtensionSet
, or null if no extensions are defined.public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)
public void setExtensions(X509ExtensionSet exts)
X509Extensions
s.public void addExtension(X509Extension ext)
public byte[] getFingerprint()
public static byte[] getCertID(X500Name issuer, java.math.BigInteger serial, oracle.security.crypto.core.MessageDigest md)
issuer
- the issuer's nameserial
- the serial numbermd
- the hash function to usepublic byte[] getCertID(oracle.security.crypto.core.MessageDigest md)
getCertID(String)
md
- the hash function to usepublic byte[] getCertID(java.lang.String messageDigestAlg)
md
- the hash function to usepublic oracle.security.crypto.asn1.ASN1ObjectID getSigAlgOID()
public java.lang.String getSigAlgString()
"RSA/MD2", "RSA/MD5", "RSA/SHA", "DSA", "DSAold", "DSAold2"
, or the numeric representation of the OID, if it is not recognized.public boolean verifySignature(byte[] docBytes, byte[] sigBytes, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) throws oracle.security.crypto.core.AuthenticationException
docBytes
- The signed document.sigBytes
- The signature.sigAlgID
- The algorithm ID used for the signature.oracle.security.crypto.core.AuthenticationException
- if an error ocurrs during verification.public boolean equals(java.lang.Object o)
null
and is an X509
or X509certificate
object which has the same DER encoding as this object.equals
in class java.lang.Object
public int hashCode()
hashCode
in class java.lang.Object
public java.lang.String toString()
toString
in class java.lang.Object
public void writeExternal(java.io.ObjectOutput os) throws java.io.IOException
writeExternal
in interface java.io.Externalizable
java.io.IOException
public void readExternal(java.io.ObjectInput is) throws java.io.IOException, java.lang.ClassNotFoundException
readExternal
in interface java.io.Externalizable
java.io.IOException
java.lang.ClassNotFoundException
public java.security.cert.X509Certificate toX509Certificate()
If you want to convert to an X509Certificate of the different implementation do not use this method, Instead use CertificateFactory.generateCertificate
public void checkValidity() throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
X509Certificate.checkValidity()
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
public void checkValidity(java.util.Date date) throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
X509Certificate.checkValidity(Date)
date
-java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
public int getBasicConstraints()
X509Certificate.getBasicConstraints()
public java.security.Principal getIssuerDN()
X509Certificate.getIssuerDN()
public javax.security.auth.x500.X500Principal getIssuerX500Principal()
X509Certificate.getIssuerX500Principal()
public javax.security.auth.x500.X500Principal getSubjectX500Principal()
X509Certificate.getSubjectX500Principal()
public boolean[] getIssuerUniqueID()
X509Certificate.getIssuerUniqueID()
public boolean[] getKeyUsage()
X509Certificate.getKeyUsage()
public java.util.Date getNotAfter()
X509Certificate.getNotAfter()
public java.util.Date getNotBefore()
X509Certificate.getNotBefore()
public java.math.BigInteger getSerialNumber()
X509Certificate.getSerialNumber()
public java.lang.String getSigAlgName()
X509Certificate.getSigAlgName()
public byte[] getSigAlgParams()
X509Certificate.getSigAlgParams()
public byte[] getSignature()
X509Certificate.getSignature()
public java.security.Principal getSubjectDN()
X509Certificate.getSubjectDN()
public boolean[] getSubjectUniqueID()
X509Certificate.getSubjectUniqueID()
public byte[] getTBSCertificate() throws java.security.cert.CertificateEncodingException
X509Certificate.getTBSCertificate()
java.security.cert.CertificateEncodingException
public int getVersion()
X509Certificate.getVersion()
java.security.cert.CertificateEncodingException
public void verify(java.security.PublicKey key, java.lang.String sigProvider) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
Certificate.verify(java.security.PublicKey, String)
key
-sigProvider
-java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
public void verify(java.security.PublicKey key) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
Certificate.verify(java.security.PublicKey)
key
-java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
public java.util.Set<java.lang.String> getCriticalExtensionOIDs()
X509Extension.getCriticalExtensionOIDs()
public byte[] getExtensionValue(java.lang.String oid)
X509Extension.getExtensionValue(String)
oid
-#getExtension(ASN1ObjectID)}
public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()
X509Extension.getCriticalExtensionOIDs()
public boolean hasUnsupportedCriticalExtension()
X509Extension.hasUnsupportedCriticalExtension()
public java.util.List<java.lang.String> getExtendedKeyUsage() throws java.security.cert.CertificateParsingException
X509Certificate.getExtendedKeyUsage()
java.security.cert.CertificateParsingException
public java.util.Collection<java.util.List<?>> getIssuerAlternativeNames() throws java.security.cert.CertificateParsingException
X509Certificate.getIssuerAlternativeNames()
java.security.cert.CertificateParsingException
public java.util.Collection<java.util.List<?>> getSubjectAlternativeNames() throws java.security.cert.CertificateParsingException
X509Certificate.getSubjectAlternativeNames()
java.security.cert.CertificateParsingException